Your message dated Tue, 15 Apr 2008 14:47:54 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: [Pkg-samba-maint] Bug#444781: during samba install bogus
useraccounts (like debian-exim, www-data, etc) are added to the samba user
database
has caused the Debian Bug report #444781,
regarding during samba install bogus useraccounts (like debian-exim, www-data,
etc) are added to the samba user database
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
444781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444781
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: samba
Version: 3.0.24-6etch4
Severity: minor
Hi folks,
during install all accounts from /etc/passwd are added to the samba database,
why?
Importing accout for root...ok
Importing accout for daemon...ok
Importing accout for bin...ok
Importing accout for sys...ok
Importing accout for sync...ok
Importing accout for games...ok
Importing accout for man...ok
Importing accout for lp...ok
Importing accout for mail...ok
Importing accout for news...ok
Importing accout for uucp...ok
Importing accout for proxy...ok
Importing accout for www-data...ok
Importing accout for backup...ok
Importing accout for list...ok
Importing accout for irc...ok
Importing accout for gnats...ok
Importing accout for nobody...ok
Importing accout for statd...ok
Importing accout for sshd...ok
Importing accout for Debian-exim...ok
Is there any deeper sense behind this that I just don't understand? I think
this is not intentional and therefore I report this as a bug.
regards
Michael
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages samba depends on:
ii debconf 1.5.11 Debian configuration management sy
ii libacl1 2.2.41-1 Access control list shared library
ii libattr1 2.4.32-1 Extended attribute shared library
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii libcupsy 1.2.7-4 Common UNIX Printing System(tm) -
ii libgnutl 1.4.4-3 the GNU TLS library - runtime libr
ii libkrb53 1.4.4-7etch4 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpam-m 0.79-4 Pluggable Authentication Modules f
ii libpam-r 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii logrotat 3.7.1-3 Log rotation utility
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii netbase 4.29 Basic TCP/IP networking system
ii procps 1:3.2.7-3 /proc file system utilities
ii samba-co 3.0.24-6etch4 Samba common files used by both th
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages samba recommends:
ii smbldap-tools 0.9.2-3 Scripts to manage Unix and Samba a
-- debconf information:
samba/run_mode: daemons
samba/tdbsam: false
samba/generate_smbpasswd: true
--- End Message ---
--- Begin Message ---
Version: 3.0.24-6etch4
> > > during install all accounts from /etc/passwd are added to the samba
> > > database, why?
> >
> > So that SAM entries are subsequently available for all users on the system
> > without further administrator action, regardless of whether these are
> > accounts that would be granted password access to samba.
> >
> > > Is there any deeper sense behind this that I just don't understand? I
> > > think this is not intentional and therefore I report this as a bug.
> >
> > No, it is deliberate; but thank you for taking the time to report this.
> sorry that I think I have to reopen this bug, but think of this:
>
> One sets up "nt4 user manager for domains" to ease administration for
> non unix guys, then another one sees "Debian-exim", "fetchmail",
> "roundup", thinks a second, knows that it does not make sense, deletes
> these accounts with "nt4 usermanager for domains" and goes on... the
> next day angry and very annoyed folks in that company realise that mail
> and the local issue tracking system is broken.
Steve gave a detailed argument about why there are good reasons for
these accounts to be activated by default in the samba user database
*if the local admin chooses to generate the samba password file*.
You actually see cases where this could be a problem. However, I think
(and I guess Steve will also agree) that in the case where one does
setup a samba domain controller with NT admins managing users.....the
local admin has to take the needed measures to control that no such
problems happen. One of these is probably *not* answering Yes to that
question..:-)
Hence closing again this bug.
signature.asc
Description: Digital signature
--- End Message ---